Quality: Standardize update practices for Secure::Static Analysis analyzers => 67%
Problem to solve
As a member of the Static Analysis group, I want to know all that is expected of me when evaluating third-party tools.
Proposal
- Standardize update procedure for Static Analysis analyzer projects.
- Formalize a maintainer program for Secure analyzers.
- Document how to handle MRs which have gone dormant.
Further details
A lot has been accomplished this quarter, though not the entirety of the ambition.
Accomplishments
- Project settings on static analysis projects have been tightened up.
  - No push directly to project default branches.
  - Only project maintainers can merge changes.
- The mechanics for adding a Maintainers program in Static Analysis have been settled.
- An initial proposal for what all is included in a Maintainers program in Static Analysis has been put forward.
- Established #WeOwnWhatWeShip, delegating analyzer update practices and better standardizing expectations.
- Documented how to handle dormant MRs.
Work remaining
- The proposal for adding a Maintainers program in Static Analysis needs to be finalized. It's out to the team for commentary and contribution.
- Maintainers need to be encouraged to self-nominate for the trainee process.
- Trainee maintainers need to be worked through the process and converted into Maintainers for each project owned by Static Analysis.
- This will take time - maybe another quarter or more to realize.
This is good and necessary work, which will spill into Q2. A new OKR will be created to track that work as it progresses through the quarter.
Edited by Thomas Woodham